1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    *
5    *
6    *
7    * The contents of this file are subject to the terms of the Liferay Enterprise
8    * Subscription License ("License"). You may not use this file except in
9    * compliance with the License. You can obtain a copy of the License by
10   * contacting Liferay, Inc. See the License for the specific language governing
11   * permissions and limitations under the License, including but not limited to
12   * distribution rights of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portlet.shopping.action;
24  
25  import com.liferay.portal.kernel.log.Log;
26  import com.liferay.portal.kernel.log.LogFactoryUtil;
27  import com.liferay.portal.kernel.util.HttpUtil;
28  import com.liferay.portal.kernel.util.ParamUtil;
29  import com.liferay.portal.util.PortalUtil;
30  import com.liferay.portlet.shopping.NoSuchOrderException;
31  import com.liferay.portlet.shopping.model.ShoppingOrder;
32  import com.liferay.portlet.shopping.service.ShoppingOrderLocalServiceUtil;
33  import com.liferay.portlet.shopping.util.ShoppingPreferences;
34  import com.liferay.portlet.shopping.util.ShoppingUtil;
35  
36  import java.io.BufferedReader;
37  import java.io.InputStreamReader;
38  import java.io.PrintWriter;
39  
40  import java.net.URL;
41  import java.net.URLConnection;
42  
43  import java.util.Enumeration;
44  
45  import javax.servlet.http.HttpServletRequest;
46  import javax.servlet.http.HttpServletResponse;
47  
48  import org.apache.struts.action.Action;
49  import org.apache.struts.action.ActionForm;
50  import org.apache.struts.action.ActionForward;
51  import org.apache.struts.action.ActionMapping;
52  
53  /**
54   * <a href="PayPalNotificationAction.java.html"><b><i>View Source</i></b></a>
55   *
56   * @author Brian Wing Shun Chan
57   */
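public class PayPalNotificationAction extends Action {

    /**
     * Handles a payment notification callback from PayPal.
     *
     * <p>
     * The request parameters are posted back to PayPal prefixed with
     * <code>cmd=_notify-validate</code>, and the first line of PayPal's reply
     * is read as the verification status. The order is completed only when
     * that status is <code>VERIFIED</code> and {@link #validate} also accepts
     * the notification. Until both checks pass, every request parameter is
     * untrusted input: this endpoint can be called by anyone, not only by
     * PayPal.
     * </p>
     *
     * <p>
     * NOTE(review): <code>payment_status</code> is passed to
     * <code>completeOrder</code> without being checked here. Confirm that
     * <code>completeOrder</code> handles statuses other than a completed
     * payment appropriately.
     * </p>
     *
     * <p>
     * NOTE(review): the postback is rebuilt from the container's decoded
     * parameters, in the container's enumeration order and with only the first
     * value of each name. PayPal's verification expects the message to be
     * echoed back as it was received, so confirm this holds for notifications
     * with non-ASCII values.
     * </p>
     *
     * @param  mapping the Struts action mapping (not used)
     * @param  form the Struts action form (not used)
     * @param  request the notification request
     * @param  response the response, used only to report an error
     * @return always <code>null</code>
     * @throws Exception declared by the Struts contract; exceptions raised
     *         while processing are passed to <code>PortalUtil.sendError</code>
     */
    public ActionForward execute(
            ActionMapping mapping, ActionForm form, HttpServletRequest request,
            HttpServletResponse response)
        throws Exception {

        try {
            if (_log.isDebugEnabled()) {
                _log.debug("Receiving notification from PayPal");
            }

            StringBuilder sb = new StringBuilder("cmd=_notify-validate");

            Enumeration<String> enu = request.getParameterNames();

            while (enu.hasMoreElements()) {
                String name = enu.nextElement();

                String value = request.getParameter(name);

                // Names are encoded as well as values, so that a parameter
                // name containing "&" or "=" cannot change the structure of
                // the query that is sent for verification.

                sb.append("&");
                sb.append(HttpUtil.encodeURL(name));
                sb.append("=");
                sb.append(HttpUtil.encodeURL(value));
            }

            String query = sb.toString();

            // The query holds the whole notification, including payer details,
            // so this debug line should stay disabled in production logs.

            if (_log.isDebugEnabled()) {
                _log.debug("Sending response to PayPal " + query);
            }

            URL url = new URL("https://www.paypal.com/cgi-bin/webscr");

            URLConnection urlc = url.openConnection();

            // Without timeouts a stalled connection to PayPal would hold the
            // request thread indefinitely. On timeout the exception reaches
            // the catch block below and no order is completed.

            urlc.setConnectTimeout(_PAYPAL_TIMEOUT);
            urlc.setReadTimeout(_PAYPAL_TIMEOUT);

            urlc.setDoOutput(true);
            urlc.setRequestProperty(
                "Content-Type","application/x-www-form-urlencoded");

            PrintWriter pw = new PrintWriter(urlc.getOutputStream());

            try {
                pw.println(query);
            }
            finally {
                pw.close();
            }

            String payPalStatus = null;

            BufferedReader br = new BufferedReader(
                new InputStreamReader(urlc.getInputStream()));

            try {

                // Null when PayPal returns an empty body

                payPalStatus = br.readLine();
            }
            finally {
                br.close();
            }

            String itemName = ParamUtil.getString(request, "item_name");
            String itemNumber = ParamUtil.getString(request, "item_number");
            String invoice = ParamUtil.getString(request, "invoice");
            String txnId = ParamUtil.getString(request, "txn_id");
            String paymentStatus = ParamUtil.getString(
                request, "payment_status");
            double paymentGross = ParamUtil.getDouble(request, "mc_gross");
            String receiverEmail = ParamUtil.getString(
                request, "receiver_email");
            String payerEmail = ParamUtil.getString(request, "payer_email");

            if (_log.isDebugEnabled()) {
                _log.debug("Receiving response from PayPal");
                _log.debug("Item name " + itemName);
                _log.debug("Item number " + itemNumber);
                _log.debug("Invoice " + invoice);
                _log.debug("Transaction ID " + txnId);
                _log.debug("Payment status " + paymentStatus);
                _log.debug("Payment gross " + paymentGross);
                _log.debug("Receiver email " + receiverEmail);
                _log.debug("Payer email " + payerEmail);
            }

            // Constant-first comparison, so a missing status line is treated
            // as "not verified" rather than raising a NullPointerException.

            if ("VERIFIED".equals(payPalStatus)) {
                if (validate(request)) {
                    ShoppingOrderLocalServiceUtil.completeOrder(
                        invoice, txnId, paymentStatus, paymentGross,
                        receiverEmail, payerEmail, true);
                }
                else if (_log.isWarnEnabled()) {
                    _log.warn(
                        "PayPal verified the notification but it does not " +
                            "match the order");
                }
            }
            else if (_log.isWarnEnabled()) {

                // Request values are deliberately left out of this message,
                // because nothing in an unverified request can be trusted.

                _log.warn(
                    "PayPal did not verify the notification, status " +
                        payPalStatus);
            }

            return null;
        }
        catch (Exception e) {
            PortalUtil.sendError(e, request, response);

            return null;
        }
    }

    /**
     * Checks a notification against the order it claims to pay for.
     *
     * <p>
     * The checks run in this order, and the first failure rejects the
     * notification: the receiver email must equal the PayPal email address
     * configured for the order's company and group, the gross amount must
     * equal the calculated order total, the currency must equal the configured
     * currency, and the transaction ID must not already belong to an order.
     * The last check stops one payment from being replayed to complete a
     * second order.
     * </p>
     *
     * @param  request the notification request
     * @return <code>true</code> if every check passes
     * @throws Exception if a lookup fails, presumably including the case where
     *         the invoice does not match any order
     */
    protected boolean validate(HttpServletRequest request) throws Exception {

        // Invoice

        String ppInvoice = ParamUtil.getString(request, "invoice");

        ShoppingOrder order = ShoppingOrderLocalServiceUtil.getOrder(
            ppInvoice);

        ShoppingPreferences shoppingPrefs = ShoppingPreferences.getInstance(
            order.getCompanyId(), order.getGroupId());

        // Receiver email address

        String ppReceiverEmail = ParamUtil.getString(
            request, "receiver_email");

        String payPalEmailAddress = shoppingPrefs.getPayPalEmailAddress();

        if (!payPalEmailAddress.equals(ppReceiverEmail)) {
            return false;
        }

        // Payment gross

        double ppGross = ParamUtil.getDouble(request, "mc_gross");

        if (Double.isNaN(ppGross) || Double.isInfinite(ppGross)) {
            return false;
        }

        double orderTotal = ShoppingUtil.calculateTotal(order);

        // Compared in whole cents. Both values are doubles, and an exact
        // floating point comparison can reject a correct payment because of
        // representation error in the calculated total.

        if (Math.round(orderTotal * 100) != Math.round(ppGross * 100)) {
            return false;
        }

        // Payment currency

        String ppCurrency = ParamUtil.getString(request, "mc_currency");

        String currencyId = shoppingPrefs.getCurrencyId();

        if (!currencyId.equals(ppCurrency)) {
            return false;
        }

        // Transaction ID

        String ppTxnId = ParamUtil.getString(request, "txn_id");

        try {
            ShoppingOrderLocalServiceUtil.getPayPalTxnIdOrder(ppTxnId);

            // An order already carries this transaction ID

            return false;
        }
        catch (NoSuchOrderException nsoe) {

            // Expected for a new payment: no order uses this transaction ID

            return true;
        }
    }

    /**
     * Connect and read timeout, in milliseconds, for the verification request
     * sent to PayPal.
     */
    private static final int _PAYPAL_TIMEOUT = 30000;

    private static final Log _log =
        LogFactoryUtil.getLog(PayPalNotificationAction.class);

}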